Why Your Data Cleanup Efforts Are Probably Failing

Written by Gimmal Product Marketing
Data cleanup feels like the house chore everyone knows they should do—yet it rarely makes it to the top of the to-do list until something goes catastrophically wrong. You may have heard it explained in terms of storage costs, security, or operational efficiency. Those reasons are all valid, but they often overlook one critical point: data cleanup is just as much about people and process as it is about technology.
In a recent Gimmal webinar, we invited industry expert Joe Shepley, Managing Director at Alvarez & Marsal, to discuss the common pitfalls around data cleanup and share practical tips to help organizations succeed. Below are the key takeaways, along with insights to get your cleanup initiative on track.
Table of Contents
- The Trifecta: People, Process, and Technology
- Accountability vs. Responsibility
- Securing Buy-In: The Power of the Steering Committee
- Designing an Effective Process
- Overcoming Cultural Barriers
- Choosing the Right Technology
- Looking Ahead: Beyond the Cleanup
The Trifecta: People, Process, and Technology
“We tend to think that technology will resolve all things, and yes, technology plays a big part of that,” Gimmal’s Kim Tran explained. “But there’s also the reality and the trifecta of aligning people, process, and your technology solutions.”
For too long, data cleanup initiatives have focused primarily on technology—deploying bigger, better, or newer tools to find and delete ROT (redundant, obsolete, trivial) data. As Joe Shepley noted, technology today is sophisticated enough to handle large-scale data identification and classification. The real reason data cleanup fails is that organizations don’t address the people and process side of the issue.
Accountability vs. Responsibility
A big theme throughout the webinar was the importance of clarifying who is actually on the hook for data cleanup:
“If it’s past retention and there’s no preservation obligation, it needs to be deleted. There shouldn’t be a step for asking.” – Joe Shepley
Many organizations mistakenly believe they can make business end-users accountable for data cleanup. But in reality, General Counsel (GC) (or a similarly senior executive) has to sign off on potential risk areas—they are the ones “on the plane” answering to regulators, legal courts, or both if something goes wrong.
- Identify true accountability: Typically, the GC or CISO will share ultimate accountability.
- Define responsibility: Different teams (IT, Records, Privacy, Security, Business) execute the cleanup, but they do so knowing the GC or CISO is mandating the effort.
- Communicate the stakes: Data breaches, regulatory fines, reputational harm—these outcomes hit executives and boards the hardest.
Securing Buy-In: The Power of the Steering Committee
Having the “right people at the table” was another recurring point. You don’t just need legal. You need IT, privacy, records management, security, and business units involved from day one to design a realistic approach. A cross-functional Information Governance (IG) Steering Committee can:
- Give each department a voice in the process.
- Guard against too much (or too little) legal oversight.
- Surface real-world operational challenges—for instance, when the business says they need certain data beyond the legally mandated retention period, or when IT reveals that certain systems can’t easily delete partial data sets.
Employees also want to know this program is set up for success. As Shepley joked: “Nobody wants to be on a sinking ship.” They need reassurance the organization is serious, leadership is unified, and success will be recognized.
Designing an Effective Process
“What is the data? What’s our obligation to retain it? Are we past retention? Is there a legal hold? No? Delete.” – Joe Shepley
As simplistic as a four-step approach sounds, it works when your organization does the thinking up front, establishing consistent, unambiguous steps:
Identify
- Where is the data stored (file shares, structured databases, local devices, third-party systems)?
- What is the data?
Evaluate Retention Obligations
- What regulatory or business requirements determine how long we keep it?
- Are we certain that operationally we don’t need it longer?
Check for Preservation (Legal Holds)
- Who verifies this and how? (Possibly a new or updated legal-hold process.)
- Is there any active or reasonably anticipated litigation hold?
Dispose
- If past all obligations, delete confidently, without needing to ask permission each time.
Yes, it truly can be that straightforward. But it hinges on the homework done before you kick off any mass deletion. The design process must include the right stakeholders and must produce easy-to-follow checklists so people aren’t making “before coffee” vs. “after coffee” decisions.
Overcoming Cultural Barriers
A universal truth: people hate change—especially change that involves deleting data. Fear, uncertainty, and “just in case” thinking can sabotage the best-designed policies. Shepley noted, “Most people probably have no idea of the risk we face keeping data that has no value.”
To tackle the culture issue:
Educate: Promote understanding of cyber threats, regulatory liabilities, and the real costs of storing unnecessary data.
Reward and Recognize: Celebrate teams that clean up data or champion new processes.
Lead by Example: Executive teams, legal, and IT must demonstrate they follow the same rules as everyone else
Communicate: Let people know this is an ongoing transformation, not a moment-in-time project.
Choosing the Right Technology
The reason technology is last in the discussion? Because you need confidence in your process first. Once your process is set, seek out a solution that:
- Scans and classifies large volumes of data, structured and unstructured.
- Scales to your current volumes (and future growth).
- Fits your organizational workflows—especially around legal holds, retention schedules, and policy management.
- Collaborates seamlessly with your teams, offering transparency and user-friendly dashboards or reports.
“Be an educated buyer. Know what you’re trying to achieve. Collaborate with software partners to find a solution that fits your vision.” – Kim Tran
If you don’t know your use case, you risk buying shiny new tools that still don’t solve your real problems.
Looking Ahead: Beyond the Cleanup
Data cleanup isn’t a one-and-done project. For many enterprises, it’s going to be a multi-year journey. And once you’ve finally caught up with the backlog, you still have to:
- Monitor for ongoing compliance and changing regulations.
- Update policies as your business evolves (new products, mergers, acquisitions, global expansions).
- Optimize your technology strategy to keep pace with data growth.
In other words, you’re building a sustainable culture of information governance—a “forever habit” rather than a crash diet.
Ready to Get Started?
At Gimmal, we help organizations align the people, process, and technology needed to actually achieve defensible deletion and ongoing data management. Whether you’re dealing with legacy environments, complex email archives, or large volumes of structured data, our solutions and experts guide you step-by-step.
Want to see how it works in practice?
- Explore Gimmal’s platform to learn more about how we can help orchestrate your data cleanup.
- Join one of our upcoming user groups or webinars for real-world success stories and demos.
- Connect with our team to discuss how to tailor a cleanup approach for your organizational culture, legal requirements, and technical landscape.
Remember: Don’t wait until a regulatory breach, massive eDiscovery cost, or board-level crisis forces your hand. Take it from Joe Shepley’s years of advising Fortune 1000 companies: “We can’t just keep data forever. Regulators, judges, and cybersecurity threats are raising the stakes.”
It’s time to address why data cleanup fails. With clear accountability, genuine buy-in, well-designed processes, cultural alignment, and the right technology, you can ensure your next data cleanup initiative doesn’t just start—it succeeds.
“Progress, not perfection!” – Kim Tran
Interested in learning more? Reach out to Gimmal, browse our resources, or check out A&M’s blog, here.
Ready To Speak With Us?
Get started by filling out the form below, and let us help you leverage your existing infrastructure with minimal disruption. Whether you’re looking for ease of use, a single platform solution, or guidance on information governance, we’re here to assist.
Related Content

Checklist for Data Risk Mitigation
Checklist for Data Risk MitigationBefore a data breach can threaten your organization's integrity, it's crucial to establish a robust defense. This pre-data breach checklist infographic outlines critical preventative measures to secure your data and shield your...
Data Retention Policies in the AI Era: What’s Changing?
Data Retention Policies in the AI Era: What’s Changing? Jan 16, 2025 The landscape of data management is undergoing a seismic shift as artificial intelligence becomes increasingly central to business operations. Organizations are now grappling with unprecedented...
AI Governance vs. Data Governance: Understanding the Differences and Opportunities
AI Governance vs. Data Governance: Understanding the Differences and Opportunities Jan 8, 2025 In our current rapidly evolving technological landscape, enterprises are collecting, analyzing, and leveraging unprecedented amounts of data. This massive influx of data,...
Ready or Not: Building & Deploying AI-Ready Data
Ready or Not: Building & Deploying AI-Ready Data Dec 17, 2024 Artificial Intelligence (AI) is transforming industries at an unprecedented pace, offering organizations the potential to unlock new levels of efficiency and innovation. However, amid the excitement, a...

GRC Market Leader Gimmal Launches Comprehensive Legal Hold Solution with Microsoft 365 Integration for Content Preservation
HOUSTON, TX — February, 29, 2024 — Gimmal, the market’s only end-to-end information governance platform, announced the launch of its Legal Hold solution, a comprehensive and centralized Software-as-a-Service (SaaS) platform for streamlining complex legal...